The C Standard, section 3.4.3 [ISO/IEC 9899:2011], defines undefined behavior as
...
Behavior can be classified as undefined by the C standards committee for the following reasons:
- To give the implementor license not to catch certain program errors that are difficult to diagnose
- To avoid defining obscure corner cases which would favor one implementation strategy over another
- To identify areas of possible conforming language extension: the implementor may augment the language by providing a definition of the officially undefined behavior
...
Increasingly, compiler writers are taking advantage of undefined behaviors in the C programming language to improve optimizations. These optimizations frequently interfere with the ability of developers to perform cause-effect analysis on their source code, that is, to analyze the dependence of downstream results on prior results. Consequently, these optimizations are eliminating causality in software and are increasing the probability of software faults, defects, and vulnerabilities.
...
Code Block

```c
#include <assert.h>
#include <limits.h>
#include <stdio.h>

/* Noncompliant: the overflow check itself depends on undefined behavior. */
int foo(int a) {
  assert(a + 100 > a); /* signed overflow is UB, so a compiler may drop this test */
  printf("%d %d\n", a + 100, a);
  return a;
}

int main(void) {
  foo(100);
  foo(INT_MAX);
  return 0;
}
```
This code checks for signed integer overflow by testing whether a + 100 > a. This test cannot evaluate to false unless an integer overflow occurs. However, because a conforming implementation is not required to generate code for undefined behavior, and signed integer overflow is undefined behavior, this code may be compiled out. For example, GCC version 4.1.1 optimizes out the assertion for all optimization levels, and version 4.2.3 optimizes out the assertion for programs compiled with -O2-level optimization and higher.
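The following is an added example, not code from the CERT page: the same overflow check rewritten so that the comparison is made on the operands before the addition is performed. Because the addition is only evaluated when its result is representable, the program contains no undefined behavior and the optimizer has nothing it is entitled to remove. The function names (add_overflows, add_or, foo_checked) and the boolean return convention are this example's own assumptions.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Added example (not the page's code): precondition-style signed overflow check.
 * Returns true if a + b cannot be represented as an int. Every expression here
 * is defined: INT_MAX - b is in range whenever b > 0, and INT_MIN - b is in
 * range whenever b < 0, so no intermediate result can overflow. */
bool add_overflows(int a, int b) {
    if (b > 0) {
        return a > INT_MAX - b;   /* sum would exceed INT_MAX */
    }
    if (b < 0) {
        return a < INT_MIN - b;   /* sum would fall below INT_MIN */
    }
    return false;                 /* b == 0 never overflows */
}

/* Returns a + b, or `fallback` when the sum would overflow.
 * The addition is reached only after the check, so it is never undefined. */
int add_or(int a, int b, int fallback) {
    return add_overflows(a, b) ? fallback : a + b;
}

/* Counterpart of the page's foo(): the check precedes the addition instead of
 * relying on its wrapped result. Returns true if a + 100 was printed. */
bool foo_checked(int a) {
    if (add_overflows(a, 100)) {
        printf("%d + 100 is not representable\n", a);
        return false;
    }
    printf("%d %d\n", a + 100, a);
    return true;
}

int main(void) {
    foo_checked(100);     /* prints "200 100" */
    foo_checked(INT_MAX); /* reports the overflow instead of invoking UB */
    return 0;
}
```

Compiling the original foo() with `-fsanitize=signed-integer-overflow` (supported by GCC and Clang) reports the overflow at run time; the version above needs no instrumentation because the undefined addition is never evaluated.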
...
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
...
- MSC15-CPP. Do not depend on undefined behavior
- ISO/IEC TR 24772: Unspecified Behaviour [BQF], Undefined Behaviour [EWF], Implementation-Defined Behaviour [FAB]
Bibliography
[ISO/IEC 9899:2011] | Section 3.4.3, "Undefined Behavior"; Section 4, "Conformance"; Section J.2, "Undefined Behavior"
[ISO/IEC TR 24772] | "BQF Unspecified behaviour," "EWF Undefined behaviour," and "FAB Implementation-defined behaviour"
Sources
[Seacord 2005] | Chapter 5, "Integer Security"
...